| Title | TP-Link VN020 F3v(T) ISP Routers Hardware Version: 1.0 / Firmware Version: TT_V6.2.1021 Stack-based Buffer Overflow |
|---|
| Description | A critical and easily exploitable vulnerability in DHCP parsing on TP-Link VN020 F3v(T) routers enables attackers to deliver a crafted DHCP DISCOVER packet that triggers multiple memory corruption vectors. This includes an oversized hostname field (127 bytes), malformed length fields, and edge cases in vendor-specific options, each of which leads to unpredictable memory corruption and stack overflow in the router’s DHCP service. The attack is unauthenticated and can be launched from any device within network proximity, leveraging a single malformed packet to fully destabilize the router.
This vulnerability causes repeated router crashes, persistent denial of service, and — when exploited with a carefully crafted Return-Oriented Programming (ROP) chain full remote code execution, granting the attacker unrestricted control over the device. Which allows for backdoor insertion, traffic manipulation, or botnet integration. This flaw affects hundreds of thousands of units across the Maghreb region, including Algeria and Tunisia, where ISPs like Tunisie Telecom and Topnet deploy the same vulnerable firmware just with rebranding.
|
|---|
| Source | ⚠️ https://github.com/Zephkek/TP-Thumper |
|---|
| User | Mohamed Maatallah (UID 77278) |
|---|
| Submission | 11/06/2024 15:49 (2 years ago) |
|---|
| Moderation | 11/15/2024 08:04 (9 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 284672 [TP-Link VN020 F3v(T) TT_V6.2.1021 DHCP DISCOVER Packet Parser Hostname TP-Thumper stack-based overflow] |
|---|
| Points | 20 |
|---|